Category: Security

Jun 22 2015

unix-privesc-check – Unix/Linux User Privilege Escalation Scanner

Unix-privesc-checker is a Unix/Linux User privilege escalation scanner that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It’s similar in some ways...

Read the full post at darknet.org.uk
Jun 22 2015

“Free” Proxies Aren’t Necessarily Free

Netflix, Hulu and a host of other content streaming services block non-U.S. users from viewing their content. As a result, many people residing in or traveling outside of the United States seek to circumvent such restrictions by using services that advertise “free” and “open” Web proxies capable of routing browser traffic through U.S.-based computers and networks. Perhaps unsurprisingly, new research suggests that most of these “free” offerings are anything but, and actively seek to weaken browser security and privacy.

proxyThe data comes from Austrian researcher and teacher Christian Haschek, who published a simple script to check 443 open Web proxies (no, that number was not accidental). His script tries to see if a given proxy allows encrypted browser traffic (https://), and whether the proxy tries to modify site content or inject any content into the user’s browser session, such as ads or malicious scripts.

Haschek found that 79 percent of the proxies he tested forced users to load pages in unencrypted (http://) mode, meaning the owners of those proxies could see all of the traffic in plain text.

“It could be because they want you to use http so they can analyze your traffic and steal your logins,” Haschek said. “If I’m a good guy setting up a server so that people can use it to be secure and anonymous, I’m going to allow people to use https. But what is my motive if I tell users http only?”

Haschek’s research also revealed that slightly more than 16 percent of the proxy servers were actively modifying static HTML pages to inject ads.

Virtual private networks (VPNs) allow users to tunnel their encrypted traffic to different countries, but increasingly online content providers are blocking popular VPN services as well. Tor offers users the ability to encrypt and tunnel traffic for free, but in my experience the service isn’t reliably fast enough to stream video.

Haschek suggests that users who wish to take advantage of open proxies pick ones that allow https traffic. He’s created and posted online a free tool that allows anyone to test whether a given proxy permits encrypted Web traffic, as well as whether the proxy truly hides the user’s real Internet address. This blog post explains more about his research methodology and script.

Users who wish to take advantage of open proxies also should consider doing so using a Live CD or virtual machine setup that makes it easy to reset the system to a clean installation after each use. I rely on the free VirtualBox platform to run multiple virtual machines, a handful of which I use to do much of my regular browsing, tweeting, emailing and other things that can lead sometimes to malicious links, scripts, etc.

I’ll most likely revisit setting up your own VirtualBox installation in a future post, but this tutorial offers a fairly easy-to-follow primer on how to run a Live CD installation of a Linux distribution of your choosing on top of VirtualBox.

Jun 22 2015

US, UK Intel agencies worked to subvert antivirus tools to aid hacking

Documents from the National Security Agency and the United Kingdom's Government Communications Headquarters (GCHQ) obtained by former NSA contractor Edward Snowden reveal that the two agencies—and GCHQ in particular—targeted antivirus software developers in an attempt to subvert their tools to assure success in computer network exploitation attacks on intelligence targets. Chief among their targets was Kaspersky Labs, the Russian antivirus software company, according to a report by The Intercept's Andrew Fishman and First Look Media Director of Security Morgan Marquis-Boire.

Kaspersky has had a high profile in combatting state-sponsored malware and was central in the exposure of a secret NSA-backed hacking group that had been in operation for 14 years. More recently, it was revealed that Kaspersky had come under direct attack recently from an updated version of the Duqu malware—possibly launched by an Israeli-sponsored hacking group. The same malware was found on the networks of locations hosting negotiations over Iran's nuclear program. But the latest Snowden documents show that both the NSA and GCHQ waged a somewhat more subversive battle against Kaspersky—both by attempting to reverse-engineer the company's antivirus software and leveraging its intelligence-collection operations for their own benefit.

Kaspersky was not the only target, but the company was the one most prominently mentioned in the Snowden documents released today by The Intercept. GCQH officials mentioned Kaspersky by name in a warrant extension request "in respect of activities which involve the modification of commercial software" in June 2008, requesting authorization to reverse engineer Kaspersky's and other companies' software products to exploit them for intelligence purposes. (The original warrant had been in place since at least January of 2008.)

Read 6 remaining paragraphs | Comments

Jun 22 2015

Airplanes grounded in Poland after hackers allegedly attack flight plan computer

Around 1400 passengers at Warsaw's Chopin (Okecie) airport in Poland were grounded on Sunday after hackers allegedly attacked the computer system used to issue flight plans to the airplanes. The source of the attack isn't yet known.

The alleged hack targeted LOT, the state-owned flag-carrying Polish airline. Reuters is reporting that the attack took place on Sunday afternoon, and was fixed about five hours later. 10 LOT flights were cancelled and about a dozen more were delayed, according to a LOT spokesman.

The spokesman didn't provide any details of what had actually occurred, though he did give away this one tantalising morsel: "We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry." The spokesman said that flights that were already in the air were not affected by the hack and could land normally. Also, the hack didn't affect the airport itself; it was just the LOT computers.

Read 3 remaining paragraphs | Comments